Announcement

Collapse
No announcement yet.

Problem with ISA 2000

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem with ISA 2000

    Hello!

    I have some experience with ISA 2004, but not with ISA 2000 On this week I rebuilt our old server with SBS2003 and ISA 2000.
    Because before I never had a deal with ISA 2000, I have a problem and I don't know how to resolve it:
    when I connect remotely to that server via VPN, by some reason I cannot ping internal IP addresses. How to enable that ping ?
    Is this the big issue ? I mean that I can survive without that ping response, but I am just wondering how to enable ping for internal IPs ?
    Because, in fact, I have OWA up and running, all internal clients can access internet via proxy server, and skype can connect on local computers. From that I can assume that in general everthing is all right.
    But why I can't ping internal IPs when I am connected via VPN ?
    What I did: I added manual ping response for external card. It means that I can ping remotely external IP...but not internal...

    please help!
    Thank you!
    Mihail
    regards,

    Mihail Kravsun
    MCSA, CCNA

  • #2
    Re: Problem with ISA 2000

    I don't remember that well but it may be that ISA2000 blocks ping .
    But i would ask further, if all your apps are working why do you need ping. More importantly, why are you using VPN when you could be using RWW (Remote Web Workplace). All you need for that is your firewall to forward ports 443 (SSL) and 4125 to your SBS server. You then connect by:
    https://<FQDN>/remote and you can get full control of your desktop from outside the organisation in a much safer way than using VPN
    TIA

    Steven Teiger [SBS-MVP(2003-2009)]
    http://www.wintra.co.il/
    sigpic
    Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We donít stop playing because we grow old, we grow old because we stop playing.

    Comment


    • #3
      Re: Problem with ISA 2000

      You can read more about RWW vs VPN on a server local to you, Mihail at:

      http://www.sbsfaq.com/

      which is on a server in Sydney!!!
      TIA

      Steven Teiger [SBS-MVP(2003-2009)]
      http://www.wintra.co.il/
      sigpic
      Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

      We donít stop playing because we grow old, we grow old because we stop playing.

      Comment


      • #4
        Re: Problem with ISA 2000

        Hello,
        I don't use ISA 2000 on a daily base but based on my testing envirament, by defoult ISA 2000 dosn't block ICMP between a VPN client and internal IPs.
        It is not the same in ISA 2004. VPN clients don't have access to anything .
        Access rules should be defined for them.
        Regards,
        Csaba Papp
        MCSA+messaging, MCSE, CCNA
        ...............................
        Remember to give credit where credit is due and leave reputation points where appropriate
        .................................

        Comment


        • #5
          Re: Problem with ISA 2000

          dear teiger and netxt!

          thank you for help...

          Yes, in fact, all my applications run fine, I have OWA, VPN, RWW up and running...

          I manually addes ping answer as a packet rule, it was easy...

          I think now I know more about my problem, and probably it is something else...not ISA2000 problem, because...
          I notices that from the server I cannot ping internal IPs of local client computers...strange, isn't it ?
          From client computers, I cannot ping server internally also...

          I can't understand what's going on....If a client computer connected directly to the server, why I can't ping ? We use MS RMS, so that I know for sure that clients can "talk" with the server via....let's say...SQL ports...
          Can ISA 2000 block somehow pings inside of local network ??????

          thank you for any further help
          regards,

          Mihail Kravsun
          MCSA, CCNA

          Comment


          • #6
            Re: Problem with ISA 2000

            hello,
            Do internal clients able to successfully ping each other?
            Regards,
            Csaba Papp
            MCSA+messaging, MCSE, CCNA
            ...............................
            Remember to give credit where credit is due and leave reputation points where appropriate
            .................................

            Comment


            • #7
              Re: Problem with ISA 2000

              Hello netxt,

              not sure about an ability to ping from one client to another, will try tomorrow.
              Because this is in our remote office.
              The only thing I know is that when I log in the server remotely (VPN+RDP),
              from the server I can't ping internal clients...

              thanks for response

              Mihail
              regards,

              Mihail Kravsun
              MCSA, CCNA

              Comment


              • #8
                Re: Problem with ISA 2000

                Ok, now I know more about my problem.

                When I was in our remote office, from server's console I was able to ping any internal and external IPs.
                From any client locally I was able to ping server's internal IP.
                So that locally it is fine.

                Strang things happen when I am connected remotely.
                Ok. I establish VPN connection to the server.
                and I cannot ping internal server's IP.

                Then remotely I open RDP, and in that window I try again, already in the server's window. no luck, I can't ping internal IPs of local computers...

                I don't know how to explain this...

                is it not a big issue for me, all what I am try to do is to understand what's going on

                any ideas ?

                thank you!
                Mihail
                regards,

                Mihail Kravsun
                MCSA, CCNA

                Comment

                Working...
                X